Surfvox prevents Google Chrome from starting


(Lsz123) #1

Hello, my problem is that I'm being plagued by a virus (I think) called Surfvox. It doesn't let me start Google Chrome, and not only that: I can't launch System Restore either. When I try to start Chrome, Firefox opens with the Surfvox start page. I also can't open some websites, e.g. elektroda ;c, and appdata can't be opened from the Run dialog either. There are probably many more things that aren't working. Will a format fix the problem?

Please help.

I'm attaching the FRST logs.

Addition.txt

FRST.txt


(Acorus) #2

Open Notepad and paste:

Task: {1A836C74-4014-4B9A-A71D-2979B09A7738} - System32\Tasks\{E7A79195-0E7A-4CBE-969E-1BE31C36696F} = Chrome.exe http://ui.skype.com/ui/0/5.5.0.124.259/pl/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {1AA56BFF-1A4A-4F52-ACF2-C8DC8CF8E0DD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2253724802-3432384096-2488222500-1001Core = C:\Users\łukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-05] (Facebook Inc.)
Task: {22D62BB4-C02F-4163-A108-5C6906950BBB} - System32\Tasks\{C31812DB-D9A6-4BC5-B0EE-1857968E4093} = Chrome.exe http://ui.skype.com/ui/0/5.5.0.124.259/pl/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {26765702-EF42-4A98-8E69-EB18584E0125} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2253724802-3432384096-2488222500-1001UA = C:\Users\łukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-05] (Facebook Inc.)
Task: {283343D2-2B2A-44C1-BCF3-5D7D8C9DD4EF} - System32\Tasks\{91546FE8-B16E-4893-B1C4-B4E0E928B2B2} = Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: {2F96F49B-9EA6-40F2-B789-6BED829A256F} - System32\Tasks\{C314D18E-7A53-4A6D-B891-DE3C4F743A51} = Chrome.exe http://ui.skype.com/ui/0/5.5.0.124.259/pl/abandoninstall?source=lightinstaller&page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {4D6428D9-8531-49B4-BA81-17C155985F92} - System32\Tasks\{564686D0-64E8-4DB1-BE0F-CB0A80899E85} = Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?page=tsProgressBar
Task: {6746A6CF-D88E-43F7-B99E-E0F8E095E9EB} - System32\Tasks\{52180903-EA2C-4AC4-A20E-CD400670872C} = Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: {7ACB59B8-C57F-454C-8A3C-7FE71B177AF6} - System32\Tasks\{DBE3932C-1BE3-49F9-B6E3-FB85FD67A1E1} = Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsMain
Task: {94209C6B-AE90-45F4-AFE8-8FDD911B9860} - System32\Tasks\{B7DBD163-AF2E-4C44-B73E-4B247B648624} = Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?page=tsProgressBar
Task: {95609171-ED5A-4C00-8BBD-9983171F0FD3} - System32\Tasks\{0EF90BB3-C23E-4CC6-BAB5-AE147712C677} = Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124.259&LastError=404
Task: {97E8A82C-DDB1-4BE8-B4C9-81017F829555} - System32\Tasks\{3CA7AA82-9AE4-47AC-83A2-7D56C59354ED} = Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124.259&LastError=12029
Task: {F4B55723-30BC-4C3C-A0D8-75CB5445479D} - System32\Tasks\{2BA459C2-6919-4B9D-ACF8-8286D48529C8} = Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124.259&LastError=404
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253724802-3432384096-2488222500-1001Core.job = C:\Users\Bukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2253724802-3432384096-2488222500-1001UA.job = C:\Users\Bukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Winlogon: [Userinit] userinit.exe,c:\programdata\datacardservice\dcshelpersrv.exe [X]
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [Facebook Update] = "C:\Users\Bukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [nvxasync] = C:\Users\Bukasz\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [76678656 2014-11-02] () ==== ATTENTION
ShortcutTarget: start.lnk - C:\Users\łukasz\9p2garka7ur3\69890.vbs (No File)
BHO-x32: No Name - {61DB16C5-B733-43F4-872E-B20DC9E72740} - No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR HKCU\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\łukasz\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\łukasz\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe" [X]
S3 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe" [X]
S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [X]
S3 fsssvc; "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 NvNetworkService; "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [X]
S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [X]
S3 Steam Client Service; "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [X]
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \\E:\FXDrv64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 jxflqihg; \\C:\Windows\system32\drivers\jxflqihg.sys [X]
S1 kjnhwfil; \\C:\Windows\system32\drivers\kjnhwfil.sys [X]
2014-11-02 17:53 - 2014-11-02 17:54 - 00000000 _RSHD () C:\ProgramData\nvxasync
2014-11-02 16:51 - 2014-11-02 17:58 - 00000000 _RSHD () C:\Users\łukasz\AppData\Roaming\nvxasync
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
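
Editor's added example (not part of the thread and not FRST's own logic): the Winlogon and Run lines in the fixlist above are logon autostart entries, and this Python script parses such lines and flags the ones that deviate from Windows defaults. It assumes the defaults `userinit.exe` for Userinit and `explorer.exe` for Shell, treats AppData and ProgramData as user-writable locations (a heuristic that also flags legitimate updaters), and uses sample lines copied from the fixlist.

```python
import re

# Lines copied from the fixlist in the post above (FRST log format).
SAMPLE = r'''HKLM-x32\...\Winlogon: [Userinit] userinit.exe,c:\programdata\datacardservice\dcshelpersrv.exe [X]
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [Facebook Update] = "C:\Users\Bukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [nvxasync] = C:\Users\Bukasz\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [76678656 2014-11-02] () ==== ATTENTION
S1 jxflqihg; \\C:\Windows\system32\drivers\jxflqihg.sys [X]'''

ENTRY = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run|Winlogon): '
                   r'\[(?P<name>[^\]]+)\] (?:= )?(?P<data>.*)')
USER_WRITABLE = ('\\appdata\\', '\\programdata\\')  # heuristic, see lead-in

def strip_notes(data):
    """Remove trailing FRST annotations: [X], [size date] () and ==== ATTENTION."""
    data = re.sub(r'\s*==== ATTENTION.*$', '', data)
    return re.sub(r'\s*\[(X|\d+ \d{4}-\d\d-\d\d)\].*$', '', data).strip()

def basename(path):
    return path.strip('" ').rsplit('\\', 1)[-1].lower()

def triage(text):
    """Return (key, value name, reason) for autostart entries worth a second look."""
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # tasks, services and drivers are out of scope here
        key, name, data = m['key'], m['name'], strip_notes(m['data'])
        if key == 'Winlogon' and name == 'Userinit':
            extra = [p for p in data.split(',')
                     if p.strip() and basename(p) != 'userinit.exe']
            if extra:
                findings.append((key, name, 'extra program after userinit.exe: ' + extra[0]))
        elif key == 'Winlogon' and name == 'Shell':
            if basename(data) != 'explorer.exe':
                findings.append((key, name, 'shell replaced: ' + data))
        elif key == 'Run' and any(d in data.lower() for d in USER_WRITABLE):
            findings.append((key, name, 'autostart from a user-writable directory'))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(*finding, sep=' | ')
```
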


(Lsz123) #3

No change. I'll add the fixlog.

I'll add that when I try to save the fixlist.txt file, a notification pops up: "The document will be saved in Plain Text format, which will remove all formatting. Are you sure you want to do this?" To save in a different format, press No.

What should I do? Which format should I save it in?


(Acorus) #4

Show the new FRST logs.


(Lsz123) #5

New logs


(Acorus) #6

Uninstall Qtrax Player. Open Notepad and paste:

HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [Facebook Update] = "C:\Users\Bukasz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Run: [nvxasync] = C:\Users\Bukasz\AppData\Roaming\nvxasync\nvxasync.exe
HKU\S-1-5-21-2253724802-3432384096-2488222500-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [76678656 2014-11-02] () ==== ATTENTION
Startup: C:\Users\łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk - C:\Users\łukasz\9p2garka7ur3\69890.vbs (No File)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll No File
BHO-x32: No Name - {61DB16C5-B733-43F4-872E-B20DC9E72740} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll" No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 FXDrv32; \\E:\FXDrv64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S1 jxflqihg; \\C:\Windows\system32\drivers\jxflqihg.sys [X]
S1 kjnhwfil; \\C:\Windows\system32\drivers\kjnhwfil.sys [X]
2014-11-02 17:53 - 2014-11-02 17:54 - 00000000 _RSHD () C:\ProgramData\nvxasync
2014-11-02 16:51 - 2014-11-02 17:58 - 00000000 _RSHD () C:\Users\łukasz\AppData\Roaming\nvxasync
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Lsz123) #7

Here are the logs

Fixlog.txt

FRST.txt


(Acorus) #8

Scan with Malwarebytes Anti-Malware: http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

Scan with Dr.WEB CureIt: http://www.freedrweb.com/cureit/?lng=pl

Show the new FRST logs.